Split Tunneling Cybersecurity Maturity Model Certification (CMMC)

What is Split Tunneling? Should You Allow It?

What is split tunneling as it relates to virtual private networks? Is using split tunneling secure? How does it impact CMMC compliance requirements?
Join our newsletter:

What is Split Tunneling?

Split Tunneling is a VPN setting that allows a VPN user to route a portion of their internet traffic through an encrypted virtual private network while routing the rest through a separate tunnel on the open network.
Split Tunneling
Split tunneling allows you to access resources on a corporate network via the VPN by routing that connection through an encrypted tunnel while internet traffic is not routed through that tunnel.

Benefits of Split Tunneling

Split tunneling reduces traffic on corporate networks, because not all of a remote user’s traffic goes through the VPN connection. This results in increased speed through reduced latency. Split tunneling also provides privacy benefits to VPN users because their internet traffic isn’t being monitored and logged by their company.

Disadvantages of Split Tunneling

From a security perspective allowing split tunneling creates additional risk. When split tunneling is enabled the firewall rules that apply to computers on your internal network won’t apply to your remote endpoints. If you have certain protocols and websites blocked in your firewall settings these won’t apply to your remote end-points. Basically any perimeter defense you have setup for your network won’t apply to your remote end-points.

Should You Use Split Tunneling?

It depends. If speed, convenience, and a lower internet bill is important for your organization then enabling split tunneling is a good option for you. You can make up for some of the security risks by improving the security of your endpoints by leveraging the firewall on your end points and using other tools such as Cisco’s OpenDNS.
Split Tunnel
If security is paramount to your organization then you should disable split tunneling. This provides you more control over your end-points and can help you meet cybersecurity compliance requirements.

Split Tunneling CMMC Requirements

CMMC Practice SC.3.184 states: Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).
It is clear that if you have cybersecurity maturity model certification (CMMC) requirements and use a VPN you need to disable split tunneling.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Learn More
HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
Learn More
FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
Learn More
ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
Learn More